Mar 28, 2009

Digital certification platform MyID.is is taking a crack at offering a way for people to claim their real identity online, in order to be able to prevent ID theft and to verify content they publish on their blogs, social networking accounts, photo & video sharing sites, and so on.

As the article points out, it's an ambitious plan and would require not only users signing up and trusting the service but also tools providers offering identity verification. It's a nascent field but worth a shot. Reminds me of when thawte started out.

Mar 27, 2009

Business Week chimes in the risks to consider when evaluating cloud services:

There are two kinds of risks in putting your data online. One is that you can never be quite sure who has access to your information once it has migrated beyond the hard drives and backup storage devices in your home. The other risk is that the information, and sometimes the applications you need to make use of it, may be available only when you are connected to the Internet and the service is up and running.

Mar 26, 2009

For all its abilities and powers, the iPhone is a tremendous pocket computer, but a lousy phone.

I also converted to the iPhone from Verizon last Christmas. I'm in the 213/323/818/310 zone, and although CDMA isn't the same juggernaut here as in the Northeast, the AT&T network has plenty of bad moments. Of course we also have canyons for an excuse.

I spent a good part of the last hour following links to stories about security and privacy lapses in Google Docs. I started out with a TechCrunch article detailing additional security loopholes that a security expert had recently uncovered including:

* Embedded images in protected documents that never go away and that get saved to an open server * The new diagram feature of Google Docs saves all previous versions of the diagram and makes them available to anyone who can read the doc, even if you've set the diagram to view only mode * Sometimes users still can access documents after their permissions have been revoked

These are pretty serious issues for customers who use Google Docs in a true collaborative fashion; where internal contributors create content, collaborate on it, and produce a final version that is shared with a new audience that is only intended to see the final product.

As I followed links in the post I found that earlier in March a Google Docs user uncovered a bug that was overzealous when setting document permissions on collections of documents. I can actually envision the flawed logic of the code behind that button. Burr. Google reacted and took steps to remedy the problem ultimately notifying customers that they created an automated fix that removed all permissions (except the authors) from the affected documents. Pretty dramatic, and having been through things like this before, not without its own risks of corruption and locking people out of documents for good; what would happen if the author is no longer available?

According to the account of the person who reported the bug, the two weeks that Google took to respond and remedy the problem was admirable, despite the fact that "ultra-secret" information was shared with people who should not have seen the information. Not only does this raise the question of how enterprise-ready Google Docs development is but also what customers come to expect of cloud service providers. I wonder if two weeks would have been admirable if this were Microsoft instead of Google. Not to harp on the customer. He was satisfied and the problem was remedied in part due to his own pro activeness.

Bottom line is the stakes are high when it comes to offering enterprise services in the cloud. Not only for the provider but also for the customer. I had considered using Google Docs for a recent project but decided against it because I did not know where the information was going to be stored. Since it was client information I was working with, and not my own, I opted for the much more cumbersome email approach to sharing files. I’m glad I did. The problems caused by posting embedded images to a separate, unprotected store that subsequently does not remove images when the document is deleted is a reminder that users of cloud services have no control over the architecture or infrastructure of the system (unlike an in-house system) and that they are trusting Google is doing the right thing. In this case Google isn't doing the right thing; at least not right now.

To me this begs the question of whether or not Google's developers really understand developing for enterprise requirements. Sharing and collaborating enterprise content is not new (I keep saying that around cloud services) and there are many developers who brought us products like Lotus Notes and Groove that understand the issues in creating systems to share and secure content. What is new, however, are vendors building sharing platforms in the cloud as if they were enterprise-deployed solutions. They are doomed to make the same mistakes that were made in the early days of collaborative systems if they do not tap into the knowledge that enterprise solution developers already know. And customers will fall into those traps if they aren’t careful. I recall a customer account of how an unprotected HR file that listed salaries of all employees made it into the company’s shared store only to be accidentally displayed in a searching demo to executives. Scary as it was, the problem was contained within the intranet. Imagine if that had been in the cloud?

Google Docs is a 2.5-year-old beta product, which should tip customers off to the fact that it’s all one big experiment still. It is one development model to continue to stumble along, make the same mistakes that companies like Lotus and Microsoft spent years learning, and to use its customers as guinea pigs. If the price point (free) is worth it, then customers of Google Docs can have little recourse when something goes terribly wrong. Customers need to consider all cloud services as carefully as they would consider in-house solutions. Checking out the technical facts as well as their risk tolerance before “buying” is likely to mitigate buyer’s remorse. Don’t count on users to be cautious once you bless the service. Users will not be concerned about how a system is implemented to ensure that the information they post is secure. If the tool makes their work easier you can be assured it will be used heavily. Therefore, it’s up to the people who understand IT to make sure that the cloud services that the company uses are satisfactorily implemented and is secure.

Mar 25, 2009

UPDATE 3/25/2009: After several conversations with colleagues about how putting your life on public record can come back to haunt you and the recent identity squatting incident my friend is suffering, I decided to re-post this entry I made in February of 2007. I think the issues this article covers continue to become more important than ever. The idea of broadcasting your activities in social networks may raise the risk hackles of the X-Gens but will it be tolerable when Millenials are doing the hiring? This article explores these and other issues with social software, privacy, and changing attitudes. My entire post from February 24, 2007 is below.

Kids today. They have no sense of shame. They have no sense of privacy. They are show-offs, fame whores, pornographic little loons who post their diaries, their phone numbers, their stupid poetry—for God’s sake, their dirty photos!—online.

She's got a good point, if you approach the social software world with the idea that you can't hide anything (no matter how hard you try) then you might as well hide nothing. That attitude allows a greater sense of freedom when posting blog entries and joining social networks.

So imagine today's teens becoming 30-somethings and the impact their attitude will have on business and how people work together. Today's "collaboration enthusiasts" will no longer be reminding users to "link rather than attach". And, gasp, e-mail may eventually become passe? It'll be the old-time "e-mailers" clutching to their PIM devices and personalized tools that will be the ones calling the help desk and recreating the Medieval Tech Support scenario circa 2015.

Still, I suspect that I'm going to be one of those privacy nuts holding out to the end ("compared to the scroll, it takes longer to turn the pages of a book"). I know that as much as I like to share, I also like to hoard. Something I learned as a descendant of the cold war and most likely can only be explained in Jungian terms. The pack rats of the future will store their "stuff" in accessible places (public and corporate networks) and on someone elses dime. Free comes with a price, less privacy. But if you have no expectation of privacy in the first place then the price isn't so high. And if the users are OK with it, then social software and collaboration are just a matter of habit.

While the promise of implementing social networking applications for internal collaboration in the enterprise remains appealing, a recent Burton report says many hurdles remain. The problem might be more cultural than technological.

Interesting article on the business reasons for chasing a cloud market.

Many pundits are railing about Cisco's move into the server market because the company's current gross margins are 10-20% less in the server market than in their core router market. What these critics miss is that the evolution of computing is to create corporate clouds of functionality and storage — and those who control the architecture of the cloud will dominate the commercial relationship.

Read the entire article for the rationale. I agree with Mr Sviokla's list of reasons why cloud computing is more "doable" than previous attempts, although he left off one valuable innovation, the ability to provide rich interfaces through light-weight clients (e.g., browsers). Web-based application interfaces like JavaScript, AJAX, and RIAs allow software vendors to develop applications that can be delivered over the Internet to lightweight clients. This takes the guessing work of what the user has on the receiving end-point so that vendors can offer capabilities to a broader audience.

Last week I blogged about a NYT interview with Steve Ballmer and his diagram for the future. In case you missed the follow-on article, Mr. Ballmer explains more (emphasis added by me).

Getting people hooked on using Office in a collaborative mode at home is super-important to getting them to use it that way at work,..If you lose the consumer, you lose the enterprise.

This is an extremely interesting comment, not just for the top-down approach Microsoft is taking to gaining/maintaining market share, but for the concept of using Office "in a collaborative mode." It's not just using productivity editors for editorial sake (i.e., for creating content) but that productivity editors are integral to enhancing the collaboration and coordination of group efforts.

My friend Volker started a different thread on this same quote if you're interested in other reactions to what Mr. Ballmer said.

We’re a collective of seasoned professionals, each with decades of experience in our discipline. We have extensive backgrounds working with the largest end-user enterprises and top-tier vendor solution providers. We “get” collaboration. We “get” information management. And we “get” security and risk.

We’ve been go-to experts for Fortune 500 organizations and top technology media such as the Wall Street Journal and New York Times for years. Now we’re bringing our experience together – in the Collaborative Strategy Guild. We offer a rich set of customized offerings and access to some of the most innovative and effective thinkers in the business.

This morning I heard that a mutual colleague and friend has had their name and likeness "borrowed" by someone for a twitter account and is posting items as "the fake - insert my friends name here -". The faker has not only used my friends full name but they have also posted a photo of my friend in the profile. The thing is that the only way users know that the tweeter is "the fake" is by opening the account profile and reading the description that says they are a fake. In other words, in the twitter stream anything posted by "the fake" can easily be considered as the real person tweeting.

Flattering as it may be that someone would choose to make themselves a "fake me" I find the whole concept creepy and dangerous. The fact that someone is posting things using my identity (with name and photo) to unwitting readers who do not know that it's not really me saying whatever was tweeted is not a happy thought at all.

Humorously, the whole thing reminds me of the great New Yorker cartoon "On the Internet Nobody knows you're a dog." Seriously, there is a very important lesson that I personally try to recall when I sign up for social things. I like to participate in social networks (and do) but I keep in mind that identity is more than digital credentials and that I tend to share less with people who's identity is more obscure to me. I've been working with people and have developed relationships - working and personal - via the Internet for over 20 years now and will continue to do so. But, as in face to face reality, I try to be discerning on who gets what access to my life and information.

This isn't a new problem per se, there have been famous cases of identity fraud online; consider the case of the cyber bullying mom on MySpace. However this is somewhat different. Here someone is saying they are a "fake" real person. It's like cyber-squatting only with a person's identity on a popular social network. It's hard to tell if "the fake" is trying to be malicious or not, it mostly seems like funny stuff. Despite that, things have been posted that my friend would never say and could compromise their reputation. It's new territory in socialization and how the social network providers will respond to these types of things. I'll keep you posted if I find out more or how this might resolve.

Mar 20, 2009

A diagram, by Steve Ballmer, Microsoft’s chief executive, of its cloud computing strategy (Saul Hansell/The New York Times)

It's actually two sides of a mirror mashed-up into one diagram; there is the cloud side and the on-premises side. For everything on-premise there is a matching service in the cloud. They are essentially the same but with different names and constraints. Evidenced by "Windows Server/Azure" and "SQLServer/Azure" in the diagram. Saul Hansell does a nice job of describing the picture in this article, although it would have been fun to see the order that each box was drawn. It sorta looks like Mr. Ballmer forgot to make a box for SharePoint, but then added as he was talking.

Accordingly, Ballmer admits that selling cloud-based services as a platform is a nascent market. I can agree that this selling model and market are new for Google, Microsoft and others, but cloud computing is not new for a long stretch. What is new is the method of selling platform services - like operating systems and enterprise solutions - in a more commercial fashion, with standardized bundles, service levels, and fixed costs.

Good point, but I have to ask if security, compliance, and archiving are so important then why is Exchange still not using SQLServer as a back-end data store? Seems to make sense when you understand that security, compliance, and archiving are best served when you can apply global policies and searching across all the information generated by the different services.

Mar 18, 2009

The use of BlackBerrys and iPhones by jurors gathering and sending out information about cases is wreaking havoc on trials around the country, upending deliberations and infuriating judges.

Last spring I was dismissed from a jury selection panel for an intriguing criminal case that included police officers from 2 counties and 5 towns. It sounded big, like a car chase, and included firearms and gangs. You can be sure I was online that night trying to figure out what event the case was about. Amazingly I found nothing. Maybe that stuff is normal in LA and not newsworthy.

Mar 10, 2009

Since its announcement of the Software+Services strategy in 2006, Microsoft has been steadily refining and growing it's online offerings. Over the last two years Microsoft has unveiled it's strategy at regular intervals. Thus far we've been taken from the S+S strategy in the summer of 2006 through the general availability of US-based consumer and business grade hosted messaging, communications, and collaboration services in November 2008. Last week Microsoft's cloud got bigger with the general availability of worldwide Microsoft Online Services for any sized company. According to Microsoft's press release:

...the Business Productivity Online Suite, part of Microsoft Online Services, is now available for trial to businesses of all sizes in 19 countries. In addition, Microsoft will release Microsoft Office Communications Online, for instant messaging and presence, and the Business Productivity Online Deskless Worker Suite, an extremely economical e-mail, calendaring and collaboration service for the occasional user.

This steady cloud formation is formidable and steps up the competition in the emerging cloud-based platforms market. There's lots of ground that still needs to be covered, especially when it comes to supporting enterprises, however. Microsoft is still not likely to suck the air out of the enterprise hosting room until it can make the entire platform (e.g., messaging plus all of its supporting services) affordable and secure. Cheap mailbox services are a good selling point but enterprises tend to look at (and need) more than just better mailbox service costs. The cloud maturity model looks more complex than one-stop shopping solutions when you get to the enterprise. Flexibility, adaptability, and risk mitigation are the keys to enterprise hearts. The cloud is still too squishy and moist for many.

I can't wait for the follow-on articles. This is an interesting assessment of the state of Broadband in the US as compared to the rest of the developed world.

I don’t know about manners, but it’s easy to find examples that American’s broadband is second-rate:

In Japan, broadband service running at 150 megabits per second (Mbps) costs $60 a month. The fastest service available now in the United States is 50 Mbps at a price of $90 to $150 a month.

In London, $9 a month buys 8 Mbps service. In New York, broadband starts at $20 per month, for 1 Mbps.

In Iceland, 83 percent of the households are connected to broadband. In the United States, the adoption rate is 59 percent.

The article points out that we're not so bad, but it can be much better. Considering our current economic status, globalization, and changing communications needs, I agree with President Obama's assessment of how important broadband is to the US:

President Obama campaigned on a promise of fast broadband service for all. On the White House Web site, he writes “America should lead the world in broadband penetration and Internet access.” And the recent stimulus bill requires the Federal Communications Commission to create a national broadband plan in order to make high-speed Internet service both more available and more affordable.

It's a good vision that runs the risk of be thwarted by politics, stingy providers, and lobbyists if unchecked. Clay Shirky's book "Here comes Everybody" demonstrates the revolutionary effect of how the Internet (and the broadband that gets us there) lowers barriers to group interaction. Now more than ever it's time to consider how the nation will establish better channels for communications and not get left behind.